A few days ago I installed SAS Management Console 9.4 M4 and Metacoda Plug-ins 6.0 R4 on a Microsoft Surface Pro running Windows 10. After launching SAS Management Console, and logging in, it looked very odd. All of the icons and text were very close together and the text was hard to read. Here’s a screenshot (the images on this page are automatically resized to fit in the column, but I have kept them at their original resolution so you can click on them if you want to see them full size for comparison) …

As someone who specialises in SAS® metadata security, I spend a lot of time using the Authorization tab in SAS Management Console. I also use Linux a great deal. When I run SAS Management Console on Linux, I’ve noticed that the check box background colours on the Authorization tab don’t render correctly (for me at least). I only ever see white background check boxes when I expect to also see green and gray ones: green indicating an ACT; white indicating an ACE; and gray indicating indirect. These colours are important indicators for the source of access controls so not being able to see them is a problem!

It occurred to me that I might be able to resolve this by specifying a Java System Property in the sasmc.ini file to change the Java Look & Feel.

I was asked yesterday whether it was possible to use the SAS® Management Console BI Lineage plug-in to provide non-administrators with the ability to review BI Lineage scans (as previously run by administrators). The BI Lineage plug-in can be used to do impact analysis for BI content (reports, information maps etc.) in a similar way that SAS Data Integration Studio provides impact analysis for DI content (jobs, tables, etc).

I’d never needed to do this before, so I did a little research. It didn’t take long to find the Granting Users Permission to View Scan Results section of the Using the BI Lineage Plug-in page in the SAS® 9.4 Intelligence Platform: System Administration Guide, Second Edition. That page explains how to open up access to the BILineage custom repository so that normal non-administrative users can get access to the scans (which are otherwise only available to unrestricted users). The document doesn’t get into explaining how to provide normal users with access to the BI Lineage plug-in itself so in this blog post I’m going to outline the steps required, with screenshots, to show the entire process. The end result of this process will be a BI Lineage Users group. You can then add normal non-administrative users as members of this group to provide them with access to both the BI Lineage plug-in and the scans in the BILineage repository.

Did you know that with SAS® 9.3 you can promote (export/import) SAS metadata packages containing users, groups, roles, and ACTs, just like you can with Jobs, Tables, Libraries, Stored Processes, Reports and Information Maps? I needed to do this myself a few weeks ago. I wanted to promote some groups, roles and ACTs from an existing SAS 9.3 M1 installation to a newer SAS 9.3 M2 installation. Security metadata can be exported and imported via a SAS package file (.spk) from special virtual folders under the top-level /System folder. These virtual folders are distinguishable from normal folders because they have white folder icons instead of yellow folder icons as shown below.

You can find out more information about this feature, including a few considerations you need to be aware of, by reading the Promoting Security Objects and Server Objects sub-section of the main Promotion Details for Specific Object Types section in the SAS 9.3 Intelligence Platform: System Administration Guide, Second Edition.

My security metadata promotion was a little more complicated than normal because I was also promoting some security metadata located in a custom repository. I normally avoid using custom repositories as much as possible (preferring to store everything in the Foundation repository and partitioning content with folders and ACTs). This is especially the case for security metadata: I’ve found that security metadata in custom repositories, being less visible, tends to get forgotten until it gets rediscovered whilst troubleshooting tricky security problems. Helping a customer resolve such problems was the reason we made security metadata from custom repositories highly visible in our Metacoda Security Plug-ins. We have since needed to keep some security metadata in custom repositories for the purposes of development and testing of our software. This is the custom repository security metadata I was attempting to promote, but it took me a little while to find it in the virtual folders …. Continue reading “Promoting SAS Security Metadata (in Custom Repositories)”